Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1868
Views
0
Helpful
4
Replies

WSA PAC file VS WCCP

irfan.ahmed
Level 1
Level 1

‎04-19-2016 11:03 PM

Which option is better PAC file or WCCP ?

Labels:
0 Helpful
4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

‎04-19-2016 11:13 PM

I've used both.

I like WCCP because it requires nothing to be configured on client devices, and works with all client devices.  When people take devices home (like notebooks or smartphones) nothing has to be re-configured.  As a down side, it is really only good for basic protocols like http.  Other protocols can involve tricks to go through the WSA nicely.

I usually use it as my preferred option.

The nice thing about PAC is you can direct everything through a proxy server (http, https, ftp) without any tricks.  This also make reporting more accurate if that is important to you.  I used a PAC file recently for a client when they had complex content routing requirements.  Some requests had to be routed to a specific WSA and other requests had to be routed somewhere else.

You can deploy a PAC via WPAD, but some mobile devices don't do this properly and you end up having to statically configure them with proxy settings.

 Also some device have to have it turned off when they leave the office, so you should expect more support calls.

0 Helpful

Tao Yang
Cisco Employee
Cisco Employee
In response to Philip D'Ath

‎04-19-2016 11:30 PM

One important thing is PAC file is explicit mode and WCCP is transparent mode which means WSA will use different way to handle proxy authentication.

0 Helpful

irfan.ahmed
Level 1
Level 1
In response to Tao Yang

‎04-19-2016 11:43 PM

I am using WCCP to redirect http , https and ftp traffic but needs to know if PAC file is easy to implement specially with SSL decryption on Firefox. 

0 Helpful

Handy Putra
Cisco Employee
Cisco Employee
In response to irfan.ahmed

‎04-22-2016 09:52 PM

Explicit mode such as using PAC, WPAD or point the internet browser directly to WSA is relatively easier to deploy and troubleshoot compare to WCCP mode.

When you create the PAC file scripting, you will need to host this file for the browser to point to and apply the PAC file script to tell where the request will be forwarded to (you can also host the PAC file in WSA as well, however would not really recommended in case WSA went down then users unable to read the PAC file as well).

In regards to HTTPS traffic, for explicit mode, WSA will be able to tell the hostname of the destination address therefore from logs perspective when using explicit mode for HTTPS we can see the destination hostname while WCCP from the logs we only see the destination IP address only.

0 Helpful
Customers Also Viewed These Support Documents